PETERGATS
Mar 02, 2014 (Aspirant)
Printing segregated to VLAN by itself
For the life of me, can't get the printer to be alive on its own VLAN.. The SRX5308 is the fw-router (no VPNs just VLANs) Identified 12 VLANs and treating these as port based VLANs and there's a M...
PETERGATS
Mar 10, 2014 (Aspirant)
request that a moderator mark this thread as [solved] in the subj line without changing thread contents for the benefit of future seekers seeking this soln.
(NOTE; having to post this as separate thread entries as this forum's BB system only allows 10K characters per posting)
This support case was solved on 3/6th, the day after last posting, by a Netgear "Middle Enterprise Experts L2" support group engr. So in all fairness, this particular sub group inside of Netgear support proved responsive and ESPECIALLY so as to the particular engr that I dealt with.
The following solution is based on ACLs and was generated by Netgear "Middle Enterprise Experts L2" support group.
(I will not mention the name of the person that solved this for us and that I personally found to be a very resourceful and a very skilled support engr, as I do not want to endanger their job if the wrong "spin" is put on by the employer. -stranger things I have witnessed..- I would just like to thank them and tell all that the following is their work at solving this. SO this is not my work, and it works very well, as it solved this problem for us)
The following will also solve the problem of anyone setting up a bunch of VLANs that they want to have as separate or segregated (I will not use the word "isolated VLAN" as the term "isolated" refers to something else inside Netgear documentation as far as configurations where VLANs are concerned),
In this setup let's say we/you want to only share the internet connection
-(this also could be multiple WAN providers on a SRX5308 or similar multi-WAN router, regardless, the internet feed(s)/connection(s) is intended to be shared),
and also required is inbound svcs (like RDP remote control for users' desktop access and such) and of course, outbound services from all VLAN LANs.
-(By this I mean that the VLAN ports on the M4100 are set up as port based VLANs and in turn are connected to flat LAN unmanaged switches at different depts).
Also a shared resource pool is needed so as to be able to have all the VLANs share a common printer/copier and perhaps sharepoint servers, email servers and such ..
-So the approach found to work is take one of the VLAN ports (NOT the default LAN, which is known as the VLAN 1 port), but say using port 4, as it is used in this case, and make it into the common VLAN, seen by all VLAN members and then the printer(s) are connected to an unmanaged switch that ends up being connected to port 4 on the M4100 VLAN switch.
The setup:
You have a router (a Netgear SRX5308 in this case, but i can see for soho use even an older DD-WRT flashed Linky blu-box that's broadcom based and can define VLANs just doing the job) feeding a M4100 port based VLAN switch. (i can also see any managed switch being used that has VLAN support, same principles apply)
You are using 12 ports with VLANs assigned to ports as follows and you have the router also configured so it knows about the VLANs and also is doing the dhcp for all the VLANs.
IMPORTANT HERE --> On the router you turn on "enable interVLAN routing" ON ALL THE VLANS AND PORTS (EXCEPT PORT 2 WHICH YOU WILL USE FOR VOIP TRAFFIC AND IS A SEPARATE ENTITY) as you will use the M4100 VLAN switch ACL scripts to stop the packets from getting to the VLANs (ON THE SWITCH ITSELF, BEFORE EVEN GETTING TO THE ROUTER) as the goal is you don't want to snoop each others' VLANs or discover each others' resources.
(oops forgot to mention that, Updated the fw to latest rev upon unboxing of both router and switch).
On both the router and switch you define the following VLANs and ip ranges
The router and switch are interconnected with a patch cord on each other's respective port 1's.
VLAN 1 is default LAN, PVID 1 on switch, and carries all internet traffic
On switch you have it UNtagged in its own default LAN (marked VLAN 1) configuration for ALL the ports on the switch, (BUT AS A TAGGED port, as you see below, when you define all the other VLANs). You define on the router the default LAN config (VLAN 1) as dhcp range 10.100.1.100 - 200 range and its deflt gw as 10.100.1.1 (it's /24 on this deflt LAN & all these VLANs, 255.255.255.0, --(found out from the router that I couldn't use the old supernet trick of stipulating a 255.255.248.0 or 255.255.240.0 netmask to have more hosts. it wouldn't take it, telling me I'm out of range..))
On the router, no definition as to Port 2 and also on the switch port 2 remains factory default as PVID 1 (just another port like port 1 at this point) because port 2 is being reserved for future allocation to VoIP traffic and on this particular Netgear M4100 port based VLAN switch port 2 is designated as the AutoVoIP port and comes preconfigured for VoIP expected usage. YOU LEAVE THIS PORT WELL ENOUGH ALONE on switch for now.
Port 3 on switch is marked (you mark it) as PVID 30, on router it's created as VLAN 30 and on the router you set its dhcp range as 10.100.3.100 - 200 with a default gw of 10.100.3.1, On switch under port membership, you mark its config as port 1 tagged, port 3 & 4 as untagged.
Port 4 on switch is marked (you mark it) as PVID 40. THIS PORT IS ALLOCATED AS A SHARED VLAN RESOURCE COMMON AND AVAILABLE TO ALL VLAN MEMBERS. On router it's created as VLAN 40 and on the router you set its dhcp range as 10.100.4.100 - 200 with a default gw of 10.100.4.1, On switch under port membership, you mark its config as port 1 TAGGED, ports 3 - 12 get marked as UNtagged.
Port 5 on switch is marked (you mark it) as PVID 50, on router it's created as VLAN 50 and on the router you set its dhcp range as 10.100.5.100 - 200 with a default gw of 10.100.5.1, On switch under port membership, you mark its config as port 1 tagged, port 5 & 4 as untagged.
Port 6 on switch is marked (you mark it) as PVID 60, on router it's created as VLAN 60 and on the router you set its dhcp range as 10.100.6.100 - 200 with a default gw of 10.100.6.1, On switch under port membership, you mark its config as port 1 tagged, port 6 & 4 as untagged.
Port 7 on switch is marked (you mark it) as PVID 70, on router it's created as VLAN 70 and on the router you set its dhcp range as 10.100.7.100 - 200 with a default gw of 10.100.7.1, On switch under port membership, you mark its config as port 1 tagged, port 7 & 4 as untagged.
Port 8 on switch is marked (you mark it) as PVID 80, on router it's created as VLAN 80 and on the router you set its dhcp range as 10.100.8.100 - 200 with a default gw of 10.100.8.1, On switch under port membership, you mark its config as port 1 tagged, port 8 & 4 as untagged.
Port 9 on switch is marked (you mark it) as PVID 90, on router it's created as VLAN 90 and on the router you set its dhcp range as 10.100.9.100 - 200 with a default gw of 10.100.9.1, On switch under port membership, you mark its config as port 1 tagged, port 9 & 4 as untagged.
Port 10 on switch is marked (you mark it) as PVID 100, on router it's created as VLAN 100 and on the router you set its dhcp range as 10.100.10.100 - 200 with a default gw of 10.100.10.1, On switch under port membership, you mark its config as port 1 tagged, port 10 & 4 as untagged.
Port 11 on switch is marked (you mark it) as PVID 110, on router it's created as VLAN 110 and on the router you set its dhcp range as 10.100.11.100 - 200 with a default gw of 10.100.11.1, On switch under port membership, you mark its config as port 1 tagged, port 11 & 4 as untagged.
Port 12 on switch is marked (you mark it) as PVID 120, on router it's created as VLAN 120 and on the router you set its dhcp range as 10.100.12.100 - 200 with a default gw of 10.100.12.1, On switch under port membership, you mark its config as port 1 tagged, port 12 & 4 as untagged.
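The addressing plan above, with inter-VLAN routing left on and the switch ACLs as the only barrier between departments, can be modelled to see how many deny rules the design needs and which flows it lets through. This is an added example, not the poster's or Netgear's configuration: the rules are vendor-neutral tuples rather than M4100 CLI syntax, and it assumes one inbound ACL per department port, first-match evaluation and an implicit deny after the last rule.

```python
import ipaddress

SHARED_PORT = 4                                 # VLAN 40: printers, shared servers
DEPT_PORTS = [3, 5, 6, 7, 8, 9, 10, 11, 12]     # one department per switch port
ANY = ipaddress.ip_network("0.0.0.0/0")

def vlan_plan():
    """Addressing plan from the post: port N -> VLAN N*10 on 10.100.N.0/24."""
    plan = {}
    for port in [SHARED_PORT] + DEPT_PORTS:
        net = ipaddress.ip_network(f"10.100.{port}.0/24")
        plan[port] = {"vlan": port * 10, "subnet": net,
                      "gateway": net.network_address + 1,
                      "dhcp": (net.network_address + 100, net.network_address + 200)}
    return plan

def ingress_rules(plan, port):
    """Ordered rules for one department port: deny every other department, then permit."""
    src = plan[port]["subnet"]
    rules = [("deny", src, plan[p]["subnet"]) for p in DEPT_PORTS if p != port]
    rules.append(("permit", ANY, ANY))   # explicit last rule (assumed implicit deny follows)
    return rules

def verdict(plan, port, src_ip, dst_ip):
    """First-match evaluation of a packet entering the switch on `port`."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s_net, d_net in ingress_rules(plan, port):
        if src in s_net and dst in d_net:
            return action
    return "deny"

def total_deny_rules(plan):
    """Deny entries needed across all department ports (grows as n * (n - 1))."""
    return sum(len(ingress_rules(plan, p)) - 1 for p in DEPT_PORTS)

if __name__ == "__main__":
    plan = vlan_plan()
    print("deny rules across all department ports:", total_deny_rules(plan))
    # Constructed sample flows, all entering on port 3 (VLAN 30).
    for src, dst in [("10.100.3.150", "10.100.5.150"),    # department -> department
                     ("10.100.3.150", "10.100.4.120"),    # department -> shared VLAN 40
                     ("10.100.3.150", "203.0.113.10")]:   # department -> internet
        print(src, "->", dst, verdict(plan, 3, src, dst))
```

In this model each deny matches the port's own source subnet, so a packet arriving on port 3 with a source address outside 10.100.3.0/24 falls through to the final permit; writing the denies to match on destination subnet only avoids relying on the source field.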